May, 2011

Oh how I am starting to enjoy the odd numbered months this year. Back in January Microsoft released 2 bulletins. February followed with 12, March with 3, and April with 17. Now May has arrived with only 2 bulletins. If you are looking to avoid piles of patch deployment work this summer, I’d bet on…

This week ISACA released results from its Top Business/Technology Issues Survey, which revealed that issues such as regulatory compliance, governance and information security management continue to top the list of enterprise IT concerns.

In configuration we trust. This statement couldn’t be truer to my research team and me, especially after discovering some of the findings in our latest report, which we publicly released last week. In the report, we describe simple configuration changes and software version upgrades that could mitigate many application vulnerabilities before patches are available. Some…

A solution can never have too many reports or can it ? I have seen products that have hundreds of reports and the titles and descriptions vary in just subtle ways using words like “sort by” or “group by”. Finding the one you need and that meets your business requirements can be a challenge and…

In kindergarten, we all learned an important lesson: how to share. Some people, as they grew up, seem to have taken this concept a little too far, with no real consideration for possible consequences. I’m not trying to undermine the importance of sharing as a general rule, but let’s just take a quick look at how sharing has “helped” in the recent past.

Ever see how a duck glides through water? It looks effortless from the surface, but beneath the waterline is a different story. In reality the poor duck is paddling his web feet feverishly in order to move about. Now you know what it’s like to be a Chief Security Officer managing today’s enterprise security requirements.

Have you ever really hurt yourself? Maybe broken a bone or torn a ligament? If your answer is yes, you’ll understand (all too well) when I say these injuries can hurt, cost a TON of money to fix, and sometimes happen in really embarrassing ways. Not surprisingly, bodily injuries aren’t the only wounds that can cause those consequences. Enterprise injury, specifically those caused by the misuse of privilege, can also be quite damaging in the exact same ways.

In an earlier post I talked about tapping in to the power of the information in our privileged identity management system to improve productivity. Those detailed compliance logs you have been generating are a gold mine of information.

The drive for greater company-wide efficiencies and overall cost-savings has made the reality of outsourcing a significant part of 21st century business practices. But, by handing over your data and network access to third-parties, no matter how trustworthy, your enterprise could be at risk of suffering a serious and damaging data leak.

It never ceases to amaze me how predictable we are as human beings. Whether it’s continuing to repeat our own mistakes or thinking the consequences of others’ actions would never apply to us, it seems we’re far too eager to turn a blind eye to reality. Reality, however, has a funny way of coming back…